The wordpress plugin is currently in closed beta. Please check back later for updates.
Overview
The Agent Analytics WordPress plugin provides a seamless integration for WordPress sites to send HTTP request logs to the Profound Analytics platform. The plugin is designed with performance and privacy in mind, capturing only public visitor traffic while excluding all administrative and system activity.Key Features
Zero Performance Impact
Asynchronous queue system ensures page delivery is never blocked. Adds less than 1ms to request processing.
Public Traffic Only
Automatically excludes WordPress admin, REST API, and system paths. Only tracks real visitor traffic.
Privacy Controls
Redacts sensitive query parameters and excludes login pages. No cookies or client-side tracking.
Enterprise Ready
Supports environment variables for API keys and includes circuit breaker protection for reliability.
How It Works
The plugin operates using a lightweight, non-blocking architecture:- Capture - Essential HTTP metadata is captured during request processing
- Queue - Data is immediately stored in a local database queue with minimal overhead
- Batch - Background process sends logs in efficient batches (up to 1,000 per request)
- Retry - Failed sends are automatically retried with exponential backoff
- Protect - Circuit breaker prevents cascade failures if the API is unavailable
Data Collection
The plugin collects standard HTTP request metadata from public pages:| Field | Description | Privacy Notes |
|---|---|---|
| IP Address | Full visitor IP | Required for bot detection |
| Request Path | URL path visited | Admin/system paths automatically excluded |
| HTTP Method | GET, POST, etc. | Standard HTTP methods only |
| Status Code | HTTP response code | 200, 404, 301, etc. |
| User Agent | Browser/bot identifier | Full string captured |
| Query Parameters | URL parameters | Sensitive values redacted (passwords, tokens, cards) |
| Referer | Previous page URL | If provided by browser |
| Response Size | Bytes sent | When available |
| Duration | Request processing time | In milliseconds |
The plugin does not collect: page content, form data, WordPress user information, admin activity, database queries, or any server-side application data.
Automatic Filtering
The following requests are automatically excluded from logging:System & Admin Paths
/wp-admin/*- All admin pages/wp-login.php- Login page/wp-cron.php- Scheduled tasks/admin-ajax.php- Admin AJAX calls/xmlrpc.php- XML-RPC interface
API & Internal Requests
/wp-json/wp/*- WordPress REST API- Any request with
rest_route=/wp/*parameter - Requests with wp-admin referer
- WordPress CLI operations
Configurable Exclusions
- Custom path patterns (supports wildcards)
- Specific query parameter redaction
- Optional bot filtering
Performance Characteristics
Request Impact
Request Impact
- Processing overhead: < 1ms per request
- Memory usage: Minimal (single array per request)
- Database operations: One INSERT per request
- No output buffering: Does not delay response delivery
Background Processing
Background Processing
- Send interval: Every 60 seconds (configurable)
- Batch size: Up to 500 logs per send (configurable)
- Timeout: 5 second maximum per batch
- Queue limit: 100,000 entries maximum
Reliability Features
Reliability Features
- Automatic retry: Exponential backoff on failures
- Circuit breaker: Pauses after 3 consecutive failures
- Queue persistence: Logs preserved during outages
- Lock mechanism: Prevents concurrent processing
Privacy & Compliance
The plugin is designed to work with analytics while respecting user privacy:- No cookies: Pure server-side implementation
- No JavaScript: No client-side tracking code
- Data minimization: Only HTTP metadata, no content
- Automatic redaction: Sensitive parameters removed
- Public only: Admin and user areas excluded
Full IP addresses are collected as they are essential for accurate bot detection and traffic analysis. If your jurisdiction requires IP anonymization, additional configuration may be needed.
System Requirements
- WordPress 6.0 or higher
- PHP 7.4 or higher
- MySQL 5.7+ or MariaDB 10.2+
- Outbound HTTPS connectivity
- WordPress Cron enabled (or system cron configured)
- Sodium PHP extension (recommended for API key encryption)
Hosting Compatibility
The plugin is tested and optimized for:- Managed WordPress Hosts: WP Engine, Kinsta, Flywheel
- Cloud Platforms: AWS, Google Cloud, Azure
- Traditional Hosts: SiteGround, Bluehost, GoDaddy
- Local Development: LocalWP, MAMP, XAMPP
The plugin automatically detects and handles reverse proxy headers used by managed WordPress hosts and CDNs to ensure accurate IP detection.